From 53c4b80d09ad696648e56c3f09671d614ee6532a Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 10 Jun 2022 17:07:11 +0000 Subject: [PATCH] adds system instruction to upgrade legacy nonce versions (backport #25789) (#25890) * feat(nonce): adds system instruction to upgrade legacy nonce versions (#25789) https://github.com/solana-labs/solana/pull/25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain. (cherry picked from commit b4190319a13c544410e4fd263acd03feac4e85e3) # Conflicts: # runtime/src/system_instruction_processor.rs # sdk/program/src/system_instruction.rs # web3.js/src/system-program.ts * removes mergify merge conflicts * backport UpgradeNonceAccount Co-authored-by: behzad nouri --- cli/src/cli.rs | 10 ++ cli/src/nonce.rs | 83 ++++++++- docs/src/developing/clients/javascript-api.md | 1 + runtime/src/system_instruction_processor.rs | 168 +++++++++++++++++- sdk/program/src/nonce/state/mod.rs | 55 ++++++ sdk/program/src/system_instruction.rs | 20 ++- transaction-status/src/parse_system.rs | 9 + web3.js/src/system-program.ts | 7 +- 8 files changed, 345 insertions(+), 8 deletions(-) diff --git a/cli/src/cli.rs b/cli/src/cli.rs index 4a406d17b8c288..7b097d06105356 100644 --- a/cli/src/cli.rs +++ b/cli/src/cli.rs @@ -155,6 +155,10 @@ pub enum CliCommand { destination_account_pubkey: Pubkey, lamports: u64, }, + UpgradeNonceAccount { + nonce_account: Pubkey, + memo: Option, + }, // Program Deployment Deploy { program_location: String, @@ -736,6 +740,7 @@ pub fn parse_command( ("withdraw-from-nonce-account", Some(matches)) => { parse_withdraw_from_nonce_account(matches, default_signer, wallet_manager) } + ("upgrade-nonce-account", Some(matches)) => parse_upgrade_nonce_account(matches), // Program Deployment ("deploy", Some(matches)) => { let (address_signer, _address) = signer_of(matches, "address_signer", wallet_manager)?; @@ -1120,6 +1125,11 @@ pub fn process_command(config: &CliConfig) -> ProcessResult { destination_account_pubkey, *lamports, ), + // Upgrade nonce account out of blockhash domain. + CliCommand::UpgradeNonceAccount { + nonce_account, + memo, + } => process_upgrade_nonce_account(&rpc_client, config, *nonce_account, memo.as_ref()), // Program Deployment diff --git a/cli/src/nonce.rs b/cli/src/nonce.rs index 165ac8b7bbaee3..a0b09458177957 100644 --- a/cli/src/nonce.rs +++ b/cli/src/nonce.rs @@ -13,7 +13,7 @@ use { solana_clap_utils::{ input_parsers::*, input_validators::*, - keypair::{DefaultSigner, SignerIndex}, + keypair::{CliSigners, DefaultSigner, SignerIndex}, memo::{memo_arg, MEMO_ARG}, nonce::*, }, @@ -30,8 +30,8 @@ use { pubkey::Pubkey, system_instruction::{ advance_nonce_account, authorize_nonce_account, create_nonce_account, - create_nonce_account_with_seed, instruction_to_nonce_error, withdraw_nonce_account, - NonceError, SystemError, + create_nonce_account_with_seed, instruction_to_nonce_error, upgrade_nonce_account, + withdraw_nonce_account, NonceError, SystemError, }, system_program, transaction::{Transaction, TransactionError}, @@ -173,6 +173,19 @@ impl NonceSubCommands for App<'_, '_> { .arg(nonce_authority_arg()) .arg(memo_arg()), ) + .subcommand( + SubCommand::with_name("upgrade-nonce-account") + .about("One-time idempotent upgrade of legacy nonce versions \ + in order to bump them out of chain blockhash domain.") + .arg( + pubkey!(Arg::with_name("nonce_account_pubkey") + .index(1) + .value_name("NONCE_ACCOUNT_ADDRESS") + .required(true), + "Nonce account to upgrade. "), + ) + .arg(memo_arg()), + ) } } @@ -325,6 +338,20 @@ pub fn parse_withdraw_from_nonce_account( }) } +pub(crate) fn parse_upgrade_nonce_account( + matches: &ArgMatches<'_>, +) -> Result { + let nonce_account = pubkey_of(matches, "nonce_account_pubkey").unwrap(); + let memo = matches.value_of(MEMO_ARG.name).map(String::from); + Ok(CliCommandInfo { + command: CliCommand::UpgradeNonceAccount { + nonce_account, + memo, + }, + signers: CliSigners::default(), + }) +} + /// Check if a nonce account is initialized with the given authority and hash pub fn check_nonce_account( nonce_account: &Account, @@ -648,6 +675,39 @@ pub fn process_withdraw_from_nonce_account( } } +pub(crate) fn process_upgrade_nonce_account( + rpc_client: &RpcClient, + config: &CliConfig, + nonce_account: Pubkey, + memo: Option<&String>, +) -> ProcessResult { + let latest_blockhash = rpc_client.get_latest_blockhash()?; + let ixs = vec![upgrade_nonce_account(nonce_account)].with_memo(memo); + let message = Message::new(&ixs, Some(&config.signers[0].pubkey())); + let mut tx = Transaction::new_unsigned(message); + tx.try_sign(&config.signers, latest_blockhash)?; + check_account_for_fee_with_commitment( + rpc_client, + &config.signers[0].pubkey(), + &tx.message, + config.commitment, + )?; + let merge_errors = + get_feature_is_active(rpc_client, &merge_nonce_error_into_system_error::id())?; + let result = rpc_client.send_and_confirm_transaction_with_spinner(&tx); + if merge_errors { + log_instruction_custom_error::(result, config) + } else { + log_instruction_custom_error_ex::(result, config, |ix_error| { + if let InstructionError::Custom(_) = ix_error { + instruction_to_nonce_error(ix_error, merge_errors) + } else { + None + } + }) + } +} + #[cfg(test)] mod tests { use { @@ -917,6 +977,23 @@ mod tests { ], } ); + + // Test UpgradeNonceAccount Subcommand. + let test_upgrade_nonce_account = test_commands.clone().get_matches_from(vec![ + "test", + "upgrade-nonce-account", + &nonce_account_string, + ]); + assert_eq!( + parse_command(&test_upgrade_nonce_account, &default_signer, &mut None).unwrap(), + CliCommandInfo { + command: CliCommand::UpgradeNonceAccount { + nonce_account: nonce_account_pubkey, + memo: None, + }, + signers: CliSigners::default(), + } + ); } #[test] diff --git a/docs/src/developing/clients/javascript-api.md b/docs/src/developing/clients/javascript-api.md index 3469f6b1c73c15..d46ff6645e4e77 100644 --- a/docs/src/developing/clients/javascript-api.md +++ b/docs/src/developing/clients/javascript-api.md @@ -236,6 +236,7 @@ pub enum SystemInstruction { /** 9 **/AllocateWithSeed {/**/}, /** 10 **/AssignWithSeed {/**/}, /** 11 **/TransferWithSeed {/**/}, + /** 12 **/UpgradeNonceAccount, } ``` diff --git a/runtime/src/system_instruction_processor.rs b/runtime/src/system_instruction_processor.rs index 04fb20d4f50626..bb31a1c6c73c1b 100644 --- a/runtime/src/system_instruction_processor.rs +++ b/runtime/src/system_instruction_processor.rs @@ -4,7 +4,7 @@ use { solana_program_runtime::{ic_msg, invoke_context::InvokeContext}, solana_sdk::{ account::{AccountSharedData, ReadableAccount, WritableAccount}, - account_utils::StateMut, + account_utils::{State as _, StateMut}, feature_set, instruction::InstructionError, keyed_account::{from_keyed_account, get_signers, keyed_account_at_index, KeyedAccount}, @@ -420,6 +420,26 @@ pub fn process_instruction( let me = &mut keyed_account_at_index(keyed_accounts, first_instruction_account)?; me.authorize_nonce_account(&nonce_authority, &signers, invoke_context) } + SystemInstruction::UpgradeNonceAccount => { + let separate_nonce_from_blockhash = invoke_context + .feature_set + .is_active(&feature_set::separate_nonce_from_blockhash::id()); + if !separate_nonce_from_blockhash { + return Err(InstructionError::InvalidInstructionData); + } + let nonce_account = keyed_account_at_index(keyed_accounts, first_instruction_account)?; + if !system_program::check_id(&nonce_account.owner()?) { + return Err(InstructionError::InvalidAccountOwner); + } + if !nonce_account.is_writable() { + return Err(InstructionError::InvalidArgument); + } + let nonce_versions: nonce::state::Versions = nonce_account.state()?; + match nonce_versions.upgrade() { + None => Err(InstructionError::InvalidArgument), + Some(nonce_versions) => nonce_account.set_state(&nonce_versions), + } + } SystemInstruction::Allocate { space } => { let keyed_account = keyed_account_at_index(keyed_accounts, first_instruction_account)?; let mut account = keyed_account.try_account_ref_mut()?; @@ -492,11 +512,18 @@ mod tests { account::{self, Account, AccountSharedData}, client::SyncClient, feature_set::FeatureSet, + fee_calculator::FeeCalculator, genesis_config::create_genesis_config, - hash::{hash, Hash}, + hash::{hash, hashv, Hash}, instruction::{AccountMeta, Instruction, InstructionError}, message::Message, - nonce, nonce_account, recent_blockhashes_account, + nonce::{ + self, + state::{ + Data as NonceData, DurableNonce, State as NonceState, Versions as NonceVersions, + }, + }, + nonce_account, recent_blockhashes_account, signature::{Keypair, Signer}, system_instruction, system_program, sysvar, sysvar::recent_blockhashes::IterItem, @@ -2040,4 +2067,139 @@ mod tests { Err(NonceError::NoRecentBlockhashes.into()), ); } + + #[test] + fn test_nonce_account_upgrade_check_owner() { + let nonce_address = Pubkey::new_unique(); + let versions = NonceVersions::Legacy(Box::new(NonceState::Uninitialized)); + let nonce_account = AccountSharedData::new_data( + 1_000_000, // lamports + &versions, // state + &Pubkey::new_unique(), // owner + ) + .unwrap(); + let keyed_accounts = vec![( + false, + true, + nonce_address, + Rc::new(RefCell::new(nonce_account.clone())), + )]; + assert_eq!( + process_instruction( + &serialize(&SystemInstruction::UpgradeNonceAccount).unwrap(), + &keyed_accounts, + ), + Err(InstructionError::InvalidAccountOwner) + ); + assert_eq!(*keyed_accounts[0].3.borrow(), nonce_account); + } + + fn new_nonce_account(versions: NonceVersions) -> AccountSharedData { + let nonce_account = AccountSharedData::new_data( + 1_000_000, // lamports + &versions, // state + &system_program::id(), // owner + ) + .unwrap(); + assert_eq!( + nonce_account.deserialize_data::().unwrap(), + versions + ); + nonce_account + } + + #[test] + fn test_nonce_account_upgrade() { + let nonce_address = Pubkey::new_unique(); + let versions = NonceVersions::Legacy(Box::new(NonceState::Uninitialized)); + let nonce_account = new_nonce_account(versions); + let keyed_accounts = vec![( + false, + true, + nonce_address, + Rc::new(RefCell::new(nonce_account.clone())), + )]; + assert_eq!( + process_instruction( + &serialize(&SystemInstruction::UpgradeNonceAccount).unwrap(), + &keyed_accounts, + ), + Err(InstructionError::InvalidArgument) + ); + assert_eq!(*keyed_accounts[0].3.borrow(), nonce_account); + let versions = NonceVersions::Current(Box::new(NonceState::Uninitialized)); + let nonce_account = new_nonce_account(versions); + let keyed_accounts = vec![( + false, + true, + nonce_address, + Rc::new(RefCell::new(nonce_account.clone())), + )]; + assert_eq!( + process_instruction( + &serialize(&SystemInstruction::UpgradeNonceAccount).unwrap(), + &keyed_accounts, + ), + Err(InstructionError::InvalidArgument) + ); + assert_eq!(*keyed_accounts[0].3.borrow(), nonce_account); + let blockhash = hashv(&[&[171u8; 32]]); + let durable_nonce = + DurableNonce::from_blockhash(&blockhash, /*separate_domains:*/ false); + let data = NonceData { + authority: Pubkey::new_unique(), + durable_nonce, + fee_calculator: FeeCalculator { + lamports_per_signature: 2718, + }, + }; + let versions = NonceVersions::Legacy(Box::new(NonceState::Initialized(data.clone()))); + let nonce_account = new_nonce_account(versions); + let keyed_accounts = vec![( + false, + false, // Should fail! + nonce_address, + Rc::new(RefCell::new(nonce_account.clone())), + )]; + assert_eq!( + process_instruction( + &serialize(&SystemInstruction::UpgradeNonceAccount).unwrap(), + &keyed_accounts, + ), + Err(InstructionError::InvalidArgument) + ); + assert_eq!(*keyed_accounts[0].3.borrow(), nonce_account); + let keyed_accounts = vec![( + false, + true, + nonce_address, + Rc::new(RefCell::new(nonce_account)), + )]; + assert_eq!( + process_instruction( + &serialize(&SystemInstruction::UpgradeNonceAccount).unwrap(), + &keyed_accounts, + ), + Ok(()), + ); + let durable_nonce = + DurableNonce::from_blockhash(&blockhash, /*separate_domains:*/ true); + assert_ne!(data.durable_nonce, durable_nonce); + let data = NonceData { + durable_nonce, + ..data + }; + let upgraded_nonce_account = new_nonce_account(NonceVersions::Current(Box::new( + NonceState::Initialized(data), + ))); + assert_eq!(*keyed_accounts[0].3.borrow(), upgraded_nonce_account); + assert_eq!( + process_instruction( + &serialize(&SystemInstruction::UpgradeNonceAccount).unwrap(), + &keyed_accounts, + ), + Err(InstructionError::InvalidArgument) + ); + assert_eq!(*keyed_accounts[0].3.borrow(), upgraded_nonce_account); + } } diff --git a/sdk/program/src/nonce/state/mod.rs b/sdk/program/src/nonce/state/mod.rs index 6131dc341afd39..6fd0bc238bad6b 100644 --- a/sdk/program/src/nonce/state/mod.rs +++ b/sdk/program/src/nonce/state/mod.rs @@ -60,6 +60,29 @@ impl Versions { State::Initialized(ref data) => (recent_blockhash == &data.blockhash()).then(|| data), } } + + // Upgrades legacy nonces out of chain blockhash domains. + pub fn upgrade(self) -> Option { + match self { + Self::Legacy(mut state) => { + match *state { + // An Uninitialized legacy nonce cannot verify a durable + // transaction. The nonce will be upgraded to Current + // version when initialized. Therefore there is no need to + // upgrade Uninitialized legacy nonces. + State::Uninitialized => None, + State::Initialized(ref mut data) => { + data.durable_nonce = DurableNonce::from_blockhash( + &data.blockhash(), + true, // separate_domains + ); + Some(Self::Current(state)) + } + } + } + Self::Current(_) => None, + } + } } impl From for State { @@ -174,4 +197,36 @@ mod tests { ); } } + + #[test] + fn test_nonce_versions_upgrade() { + // Uninitialized + let versions = Versions::Legacy(Box::new(State::Uninitialized)); + assert_eq!(versions.upgrade(), None); + // Initialized + let blockhash: Hash = hashv(&[&[171u8; 32]]); + let durable_nonce = + DurableNonce::from_blockhash(&blockhash, /*separate_domains:*/ false); + let data = Data { + authority: Pubkey::new_unique(), + durable_nonce, + fee_calculator: FeeCalculator { + lamports_per_signature: 2718, + }, + }; + let versions = Versions::Legacy(Box::new(State::Initialized(data.clone()))); + let durable_nonce = + DurableNonce::from_blockhash(&blockhash, /*separate_domains:*/ true); + assert_ne!(data.durable_nonce, durable_nonce); + let data = Data { + durable_nonce, + ..data + }; + let versions = versions.upgrade().unwrap(); + assert_eq!( + versions, + Versions::Current(Box::new(State::Initialized(data))) + ); + assert_eq!(versions.upgrade(), None); + } } diff --git a/sdk/program/src/system_instruction.rs b/sdk/program/src/system_instruction.rs index 1ae02021d9bd26..ea1a170418e7a1 100644 --- a/sdk/program/src/system_instruction.rs +++ b/sdk/program/src/system_instruction.rs @@ -138,7 +138,7 @@ pub fn instruction_to_nonce_error( /// maximum permitted size of data: 10 MB pub const MAX_PERMITTED_DATA_LENGTH: u64 = 10 * 1024 * 1024; -#[frozen_abi(digest = "2xnDcizcPKKR7b624FeuuPd1zj5bmnkmVsBWgoKPTh4w")] +#[frozen_abi(digest = "5e22s2kFu9Do77hdcCyxyhuKHD8ThAB6Q6dNaLTCjL5M")] #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, AbiExample, AbiEnumVisitor)] pub enum SystemInstruction { /// Create a new account @@ -303,6 +303,13 @@ pub enum SystemInstruction { /// Owner to use to derive the funding account address from_owner: Pubkey, }, + + /// One-time idempotent upgrade of legacy nonce versions in order to bump + /// them out of chain blockhash domain. + /// + /// # Account references + /// 0. `[WRITE]` Nonce account + UpgradeNonceAccount, } pub fn create_account( @@ -572,6 +579,17 @@ pub fn authorize_nonce_account( ) } +/// One-time idempotent upgrade of legacy nonce versions in order to bump +/// them out of chain blockhash domain. +pub fn upgrade_nonce_account(nonce_pubkey: Pubkey) -> Instruction { + let account_metas = vec![AccountMeta::new(nonce_pubkey, /*is_signer:*/ false)]; + Instruction::new_with_bincode( + system_program::id(), + &SystemInstruction::UpgradeNonceAccount, + account_metas, + ) +} + #[cfg(test)] mod tests { use { diff --git a/transaction-status/src/parse_system.rs b/transaction-status/src/parse_system.rs index 8c4a391f52011f..c985ac15a24779 100644 --- a/transaction-status/src/parse_system.rs +++ b/transaction-status/src/parse_system.rs @@ -132,6 +132,15 @@ pub fn parse_system( }), }) } + SystemInstruction::UpgradeNonceAccount => { + check_num_system_accounts(&instruction.accounts, 1)?; + Ok(ParsedInstructionEnum { + instruction_type: "upgradeNonce".to_string(), + info: json!({ + "nonceAccount": account_keys[instruction.accounts[0] as usize].to_string(), + }), + }) + } SystemInstruction::Allocate { space } => { check_num_system_accounts(&instruction.accounts, 1)?; Ok(ParsedInstructionEnum { diff --git a/web3.js/src/system-program.ts b/web3.js/src/system-program.ts index ecc8aa36fdae87..0c80169fad3a1d 100644 --- a/web3.js/src/system-program.ts +++ b/web3.js/src/system-program.ts @@ -528,7 +528,8 @@ export type SystemInstructionType = | 'InitializeNonceAccount' | 'Transfer' | 'TransferWithSeed' - | 'WithdrawNonceAccount'; + | 'WithdrawNonceAccount' + | 'UpgradeNonceAccount'; /** * An enumeration of valid system InstructionType's @@ -631,6 +632,10 @@ export const SYSTEM_INSTRUCTION_LAYOUTS: { Layout.publicKey('programId'), ]), }, + UpgradeNonceAccount: { + index: 12, + layout: BufferLayout.struct([BufferLayout.u32('instruction')]), + }, }); /**